Privacy Policy

Last Updated: March 16, 2026

Rosalie Sutton's website is owned and operated by Dinofin OÜ (registry code 16701124, Ahtri tn 12, 15551 Tallinn, Estonia), which is the data controller for your personal information. We are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Personal Information We Collect

Automatically Collected Information (Device Information)

When you visit our website, we automatically collect certain information about your device and browsing activity, including:

Web browser type and version
IP address
Time zone
Pages you view
Website or search terms that referred you to our site
How you interact with the site

This "Device Information" is collected through cookies and similar tracking technologies (see our Cookie Policy for details).

Information You Provide Directly

When you contact us: We collect the following information when you use our contact form:

Full Name (optional)
Email Address
Your message

We use this information to respond to your inquiries. Our legal basis is our legitimate interest in providing support and communicating with website visitors.

When You Subscribe to Our Newsletter: We collect your email address when you voluntarily subscribe to our newsletter through Substack. You must confirm your email address by clicking a verification link (double opt-in process) before being added to our subscriber list.

How We Use Your Information

We use your email address to:

Deliver our newsletter and regular updates
Send you requested materials and resources
Communicate about our offerings

You can unsubscribe at any time by clicking the unsubscribe link in any email or by contacting us directly.

We use Device Information to analyze how visitors use our website, improve functionality, and enhance user experience.

Third-Party Services and Data Processing

We use the following third-party services, which may process your personal data:

Substack (Email Newsletter Distribution)

What they collect: Email address and engagement data (opens, clicks).
How your data is stored: In the United States.
Legal safeguards: Standard Contractual Clauses.
More information: Please review Substack's Privacy Policy.

Google Analytics (Website Traffic Analysis)

What they collect: IP address, browser type, pages visited, and usage patterns.
Data location: Google's servers (may be outside the EEA).
More information: See Google's Privacy Policy. You can opt out of data collection by installing the Google Analytics Opt-out Browser Add-on.

Hostinger (Website Hosting)

What they collect: IP addresses and browser information for security and service operation.
Data location: Primarily within the EEA.
More information: See Hostinger's Privacy Policy.

YouTube (Video Content)

Our website contains links to our videos hosted on YouTube. When you click on a link to YouTube, you are taken to their website.
More information: We are not responsible for the data practices of YouTube. Please review YouTube's Terms of Use.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies. For a detailed explanation of the cookies we use and how to manage them, please refer to our Cookie Policy.

International Data Transfers

Dinofin OÜ is based in the European Union. We use service providers that may process data outside the EEA, including Substack, YouTube, and Google Analytics. These transfers comply with GDPR through mechanisms such as Standard Contractual Clauses (SCCs) to ensure your data receives protection equivalent to EEA standards.

Data Retention

We retain your personal data only as long as necessary to provide our services, comply with legal obligations, and fulfill the purposes described in this policy. When we no longer need your information, we securely delete or anonymize it.

Your Legal Basis for Processing

Under GDPR, we process your personal data based on:

Consent: We process your email address for marketing communications based on your explicit consent when you subscribe to our newsletter.
Legitimate Interest: We process Device Information to improve our website and prevent abuse. We also rely on legitimate interest to respond to your inquiries via our contact form. We only do this when our interests are balanced against your rights.

Your Data Protection Rights

As a resident of the European Economic Area (EEA), you have the following rights:

Right to Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can ask us to correct inaccurate or incomplete information.
Right to Erasure ("Right to Be Forgotten"): You can request the deletion of your personal data.
Right to Restrict Processing: You can request that we limit how we use your data.
Right to Data Portability: You can request your data in a structured, machine-readable format.
Right to Object: You can object to our processing of your personal data.
Right to Withdraw Consent: You can withdraw consent for marketing at any time.
Right to Lodge a Complaint: You can file a complaint with your local Data Protection Authority.

How to Exercise Your Rights

To exercise any of these rights, please contact us via our contact form. We will respond within 30 days. For data held by third parties like Substack, you may need to contact them directly.

Information Security

We use reasonable administrative, technical, and physical safeguards to protect your personal data. However, no data transmission over the Internet is completely secure.

Links to Third-Party Websites

Our website contains links to other sites, like YouTube. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

Legal Disclosure

We may disclose your information if required by law, to protect our rights, or to respond to government requests.

Contact Us

If you have questions about this Privacy Policy, please contact us via our Contact Page.